Dashboard: Fixes kiosk state after being redirected to login page and back (#29273)

* Login: Fixes issue where url parameters where modified by golang url code * Add tests * Fix test cases * Update pkg/middleware/auth_test.go Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com> * fixed formatting Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2025-02-25 18:55:37 -06:00 · 2020-11-20 19:30:37 +01:00 · 2020-11-20 19:30:37 +01:00 · 1076f47509
commit 1076f47509
parent 702cb90846
2 changed files with 32 additions and 9 deletions
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@ -2,6 +2,7 @@ package middleware
 import (
 	"net/url"
 	"regexp"
 	"strconv"
 	"strings"
@ -53,18 +54,19 @@ func notAuthorized(c *models.ReqContext) {
 		redirectTo = setting.AppSubUrl + c.Req.RequestURI
 	}
-	// remove forceLogin query param if it exists
+	// remove any forceLogin=true params
-	if parsed, err := url.ParseRequestURI(redirectTo); err == nil {
+	redirectTo = removeForceLoginParams(redirectTo)
-		params := parsed.Query()
+
-		params.Del("forceLogin")
+	WriteCookie(c.Resp, "redirect_to", url.QueryEscape(redirectTo), 0, newCookieOptions)
 		parsed.RawQuery = params.Encode()
 		WriteCookie(c.Resp, "redirect_to", url.QueryEscape(parsed.String()), 0, newCookieOptions)
 	} else {
 		c.Logger.Debug("Failed parsing request URI; redirect cookie will not be set", "redirectTo", redirectTo, "error", err)
 	}
 	c.Redirect(setting.AppSubUrl + "/login")
 }
 var forceLoginParamsRegexp = regexp.MustCompile(`&?forceLogin=true`)
 func removeForceLoginParams(str string) string {
 	return forceLoginParamsRegexp.ReplaceAllString(str, "")
 }
 func EnsureEditorOrViewerCanEdit(c *models.ReqContext) {
 	if !c.SignedInUser.HasRole(models.ROLE_EDITOR) && !setting.ViewersCanEdit {
 		accessForbidden(c)
--- a/pkg/middleware/auth_test.go
+++ b/pkg/middleware/auth_test.go
@ -1,11 +1,13 @@
 package middleware
 import (
 	"fmt"
 	"testing"
 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/stretchr/testify/require"
 	. "github.com/smartystreets/goconvey/convey"
 )
@ -104,3 +106,22 @@ func TestMiddlewareAuth(t *testing.T) {
 		})
 	})
 }
 func TestRemoveForceLoginparams(t *testing.T) {
 	tcs := []struct {
 		inp string
 		exp string
 	}{
 		{inp: "/?forceLogin=true", exp: "/?"},
 		{inp: "/d/dash/dash-title?ordId=1&forceLogin=true", exp: "/d/dash/dash-title?ordId=1"},
 		{inp: "/?kiosk&forceLogin=true", exp: "/?kiosk"},
 		{inp: "/d/dash/dash-title?ordId=1&kiosk&forceLogin=true", exp: "/d/dash/dash-title?ordId=1&kiosk"},
 		{inp: "/d/dash/dash-title?ordId=1&forceLogin=true&kiosk", exp: "/d/dash/dash-title?ordId=1&kiosk"},
 		{inp: "/d/dash/dash-title?forceLogin=true&kiosk", exp: "/d/dash/dash-title?&kiosk"},
 	}
 	for i, tc := range tcs {
 		t.Run(fmt.Sprintf("testcase %d", i), func(t *testing.T) {
 			require.Equal(t, tc.exp, removeForceLoginParams(tc.inp))
 		})
 	}
 }